Re: Additional role attributes && superuser review

From: Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Additional role attributes && superuser review
Date: 2015-04-30 00:33:57
Message-ID: 55417875.6040103@archidevsys.co.nz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 30/04/15 12:20, Alvaro Herrera wrote:
> Robert Haas wrote:
>
>> I think that if you commit this the way you have it today, everybody
>> will go, oh, look, Stephen committed something, but it looks
>> complicated, I won't pay attention.
> Yeah, that sucks.
>
>> Finally, you've got the idea of making pg_ a reserved prefix for
>> roles, adding some predefined roles, and giving them some predefined
>> privileges. That should be yet another patch.
> On this part I have a bit of a problem -- the prefix is not really
> reserved, is it. I mean, evidently it's still possible to create roles
> with the pg_ prefix ... otherwise, how come the new lines to
> system_views.sql that create the "predefined" roles work in the first
> place? I think if we're going to reserve role names, we should reserve
> them for real: CREATE ROLE should flat out reject creation of such
> roles, and the default ones should be created during bootstrap.
>
> IMO anyway.
>
What if I had a company with several subsidiaries using the same
database, and want to prefix roles and other things with the
subsidiary's initials? (I am not saying this would be a good
architecture!!!)

For example if one subsidiary was called 'Perfect Gentleman', so I would
want roles prefixed by 'pg_' and would be annoyed if I couldn't!

Cheers,
Gavin

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2015-04-30 00:42:19 Re: alternative compression algorithms?
Previous Message Alvaro Herrera 2015-04-30 00:20:04 Re: Additional role attributes && superuser review